3 matches found
CVE-2021-28376
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files...
CVE-2021-28376
creationtimestamp| type| source ---|---|--- 2022-01-12 20:17:21+00:00| seen| https://t.me/cibsecurity/35347...
CVE-2021-28376
ChronoForms 7.0.7 is affected by a directory traversal vulnerability (fname path traversal) that allows reading arbitrary files outside restricted directories. The issue originates from insufficient filtering of special path elements in resource/file paths in ChronoForms 7.0.7. The vulnerability ...